Restricting access

In the previous section, we explored ways to limit abusive access to websites running under NGINX. Now, we will take a look at ways to restrict access to a whole website or certain parts of it. Access restriction can take two forms here: restricting a certain set of IP addresses, or restricting a certain set of users. These two methods can also be combined to satisfy requirements that some users can access the website either from a certain set of IP addresses or if they are able to authenticate with a valid username and password.

The following directives will help us achieve these goals:

HTTP access module directives	Explanation
`allow`	This directive allows access from this IP address, network, or the `all` value.
`auth_basic ...`

Get Mastering NGINX - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering NGINX - Second Edition by Dimitri Aivaliotis

Restricting access

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly